Comments (3)
fr4ncidir
commented on August 26, 2024
I've recently re-written C apis and Python apis, I never encountered the problem since all requests were answered. Any more details?
from sepa.
relu91
commented on August 26, 2024
Sure!
As stated in the issue description, consider that you have a secure WebSocket connection with SEPA. Consequently, send on this connection the following message:
{"subscribe" : {
"sparql" : "select * where {?vaimee ?deda ?didi}",
"alias" : "ALL"
}}SEPA wrongly answers with a notification message with the results of the query. However, it should reply with an error message since the subscription request lacks the authorization field. This field is fundamental to have a valid aouth2 flow.
The expected response message should be:
{
"error":"unauthorized_client",
"error_description" : "Client is not authorized",
"status_code" : 401
}If you followed the specifications you probably didn't encountered in this issue, but still is there.
Right now every client could basically read the entire database even though is not authorized by the system.
I'll fix this issue next week.
There were also problems with token expiration, before it wasn't validated. Be careful, the 60f4922 change introduces token expiration validation. That means, if the token is expired it will be rejected and the client should renew it. This behavior was described in the various documents so your apis shouldn't be affected
from sepa.
relu91
commented on August 26, 2024
Fixed f236823
from sepa.
Related Issues (20)
- Include constrained devices
- Subscription duplication function HOT 5
- json-ld and other formats
- Improving EngineProperties saving HOT 2
- Forced binding doesn't use the default type HOT 1
- Reduce log during mvn tests
- Violation of Liskov substitution principle in JSAP file
- Bug on Client class HOT 1
- 404 WebSocket Upgrade Failure HOT 2
- Resolve dependabot issues HOT 1
- <help wanted> Problems about implementing delete function based on NGSI-LD HOT 1
- General Question about the SPARQL UPDATE using DELETE Function. HOT 3
- No notifications with the default graph (or in triple mode) HOT 2
- Sepa as web thing
- "LONG" Query POST to Virtuoso ends with "wrong path" while GET trunks the the query
- Include only needed prefixes
- [ALGORITHM] Count number of triples of a single pattern and add a new one once a triple matching the pattern is received (and remove if removed) HOT 1
- Broken subscriptions for queries with ASK statement
- Engine cannot handle HTTP status code 204
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sepa.